Imagine for a moment that your company has come under attack by a skilled hacker. The hacker has accessed your customers’ names and contact information–and worse–your employees’ social security numbers. On top of that, your website is disabled so that you can’t take orders or collect the payments you need to stay in business.
Data breaches are now a fact of life together with taxes and death, but how can businesses better manage the risks related to a data breach and reduce the significant cost that can result from them?
One of the options is to buy a Cyber Liability Insurance Policy
Cyber Liability Insurance cover has been most successfully used as a risk transfer option in those countries that have mandatory data breach notification laws. The best example of this is the United States, where 46 of the 50 states have mandatory requirements for data breach notification.
In the UK, the impending draft EU Data Protection Regulation includes mandatory notification of breaches, but the scale and timing of this new regulation is still to be determined.
Mandatory data breach notification regulations are in part a driver for Cyber Liability Insurance cover as the costs of notifying affected users can be extremely high.
As the expense of dealing with a breach gets higher – and the cost of dealing with mandatory notification is added – the option of using Cyber Liability Insurance cover will become more attractive for many businesses, in much the same way that existing business insurance policies for fire, flood and theft are a vital itinerary in the risk management toolkit.
What is cyber liability insurance cover?
The term “cyber liability insurance cover” is often used to describe a range of covers – in very much the same way that the word cyber is used to describe a broad range of information security related tools, processes and services.
At the moment, cyber liability insurance cover can include:
- Crisis Response: Initial response by a cyber emergency response team including initial assessment of the risk and provision of advice on immediate action to take.
- Incident Management:
Notification: Expert advice to ensure that you comply with the notification requirements under Data Security Law
Defence: Legal forensic investigation and expert IT advice in connection with the defence of a claim against you for liability arising from the data breach.
Public relations: Expert PR advice and assistance in issuing initial press releases where required following the data breach.
- Investigation & Restoration:
Investigation: Legal forensic investigation and expert IT advice in connection with and as a result of a regulatory investigation of you arising due to the data breach.
Restoration: The restoring of email systems, online services and other IT software systems to the state they were in prior to the breach.
- Awards, fines & Credit Monitoring:
Awards & Damages: Payments for damages and related costs awarded against you following a claim, once a regulatory investigation has found you legally liable
Fines & Penalties: Payment for any fine, financial penalty or punitive award which has been issued by a statutory body, following a breach, as a direct result of your failure to comply with Data Security Law.
Credit Monitoring: Payment for the cost you incur with Equifax Credit Water Service for the provision of credit alert services to Data Subjects for a period of 12 months immediately following the breach.
Some of the elements of a cyber liability cover may be interconnected or overlap with cover from existing products, including those for business continuity, third-party supply chain issues and professional indemnity. Even if this overlap does exist, a decent cyber liability policy will ensure cyber risks are fully catered for.
How much will a Cyber Liability Policy cost me?
Mitchell Charlesworth Insurance Solutions can offer a Cyber Liability Insurance policy from as little as £113.44 per annum, dependant on the turnover of your business.